Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/cobbler@3.2.2
purl pkg:pypi/cobbler@3.2.2
Next non-vulnerable version 3.3.2
Latest non-vulnerable version 3.3.2
Risk
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-3uqv-f4em-4qag
Aliases:
CVE-2021-40323
GHSA-cpqf-3c3r-c9g2
PYSEC-2021-373
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
3.3.0
Affected by 3 other vulnerabilities.
VCID-gxpd-rmnn-67cm
Aliases:
CVE-2021-45083
GHSA-5946-mpw5-pqxx
PYSEC-2022-38
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
3.3.1
Affected by 1 other vulnerability.
VCID-hpkx-7ure-6qbf
Aliases:
CVE-2021-40325
GHSA-cr3f-r24j-3chw
PYSEC-2021-375
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
3.3.0
Affected by 3 other vulnerabilities.
VCID-n8d7-2mjk-wbc8
Aliases:
CVE-2022-0860
GHSA-mcg6-h362-cmq5
PYSEC-2022-177
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
3.3.2
Affected by 0 other vulnerabilities.
VCID-nrb3-t9dq-x7hw
Aliases:
CVE-2021-45082
GHSA-6cm4-gm85-972c
PYSEC-2022-37
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
3.3.1
Affected by 1 other vulnerability.
VCID-y965-s4eq-vfee
Aliases:
CVE-2021-40324
GHSA-4cfr-gjfx-fj3x
PYSEC-2021-374
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
3.3.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:17:08.820706+00:00 Pypa Importer Affected by VCID-n8d7-2mjk-wbc8 https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2022-177.yaml 38.6.0
2026-06-02T04:17:02.111100+00:00 Pypa Importer Affected by VCID-gxpd-rmnn-67cm https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2022-38.yaml 38.6.0
2026-06-02T04:17:02.062689+00:00 Pypa Importer Affected by VCID-nrb3-t9dq-x7hw https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2022-37.yaml 38.6.0
2026-06-02T04:14:46.328339+00:00 Pypa Importer Affected by VCID-3uqv-f4em-4qag https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2021-373.yaml 38.6.0
2026-06-02T04:14:46.289022+00:00 Pypa Importer Affected by VCID-hpkx-7ure-6qbf https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2021-375.yaml 38.6.0
2026-06-02T04:14:46.249564+00:00 Pypa Importer Affected by VCID-y965-s4eq-vfee https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2021-374.yaml 38.6.0